ZooKeeper ACLs Best Practices: YARN
YARN related ZooKeeper ACLs are automatically created using Cloudera Manager. Review the list of default ACLs to ensure they are set as recommended for YARN.
Cloudera Manager automatically sets some ZooKeeper ACLs related YARN properties that are used
by the YARN service to set up the default ZooKeeper ACLs. That means no manual configuration step
is needed. However, customized principles are set by Cloudera Manager only at first launch. For
any later launches Clouder Manager checks only the root znodes.
- ZooKeeper Usage:
-
/yarn-leader-election
- used for RM leader election -
/rmstore
- used for storing RM application state
-
-
Default ACLs:
-
/yarn-leader-election
-sasl:[***customized principle upon first launch***]:cdrwa
-
/rmstore
-sasl:[***customized principle upon first launch***]:cdrwa
-
If default ACLs are set incorrectly, perform one of the following workarounds:
-
Delete the znode and restart the YARN service.
-
Use the reset ZK ACLs command. This also sets the znodes below
/rmstore/ZKRMStateRoot
toworld:anyone:cdrwa
which is less secure.